An effective and dynamic partner

Given Australia’s stringent regulatory and audit requirements, Beem required a solution to help it stay compliant while screening high volumes of customers daily.

Previously, the company had struggled with several screening issues that were slowing down customer onboarding times, reducing customer satisfaction. Manual processes, for example, had led to a backlog of alerts, consuming too much analyst time.

To combat this, Beem needed a dynamic solution that offered effective customer screening services suitable for its business and jurisdiction. After searching the market, the firm met with ComplyAdvantage in 2019 and began a long-term partnership. 

“During the vendor qualification process, we were particularly impressed with the search levers, search profiles, and the easy application programming interface (API) integration that ComplyAdvantage offered.”
Jason Backhouse, General Manager Open Payments 

Reducing alert remediation times to increase efficiency 

ComplyAdvantage’s implementation specialists collaborated with Beem from the outset to understand its business model and unique challenges. Once they finished their deep dive, they presented the firm with a bespoke suite of solutions based on their findings.  

Before partnering with ComplyAdvantage, Beem was experiencing high match rates of eight percent. However, after adopting a risk-based approach using ComplyAdvantage’s customer screening and transaction monitoring solutions, Beem reduced its match hit rate to 1.2 percent by December 2023, contributing to a 10 percent increase in its AML program’s efficiency.

Automated workflows via ComplyAdvantage’s RESTful API were also introduced to improve the firm’s overall operational efficiency by freeing analysts’ time. This enabled them to resolve legitimate sanctions hits within one working day, resulting in faster onboarding and improved customer satisfaction.

Beem & ComplyAdvantage: Key benefits in numbers

• Lowered the time taken to clear new customers to within one business day.
• Lowered match hit rate to under 1.2 percent.
• Minimized time to clear new cases.
• Increased overall efficiency by 10 percent. 

Taking new risks

While both parties are pleased with the ongoing success of the partnership, new risks are always emerging. With this in mind, ComplyAdvantage’s customer success and Beem’s compliance teams continuously review their operational efficiency and hold enablement sessions to equip Beem with the latest product and feature releases – creating a positive and sustainable experience for its customers.

“Through our years of partnership, ComplyAdvantage has enabled Beem to perform at the top of our compliance game. Their commitment to excellence and our business allows us to focus on providing a better experience for our customers while maximizing security and trust in our platform and meeting the requirements of our regulators.”
Jason Backhouse, General Manager Open Payments

A collaborative approach, combined with ComplyAdvantage’s dedicated account management and support, has led to a thriving long-term partnership that has helped Beem save time, stay compliant, and continue to scale and grow as a business.

The post Beem boosts analyst efficiency and customer satisfaction with automated workflows appeared first on ComplyAdvantage.

• A transaction monitoring solution that’s scalable, efficient, and powerful.
• A quick comparison of the top available solutions.
• A clear list of features. 

This article summarizes six top transaction monitoring software vendors, listing their key strengths and explaining the types of firms they serve.

4 things to consider when selecting transaction monitoring software

When selecting the right transaction monitoring software vendor, here are four key points firms should consider:

1. Scalability and adaptability: Seek a solution that can grow and adapt to the complexity of transaction volumes and new financial crime risks, ensuring a long-term return on investment.
2. Customization and rule flexibility: Look for a transaction monitoring solution that offers customization and rule flexibility, allowing rulesets to be built and optimized based on various parameters. A user-friendly interface for rule-building and expert industry support can enhance the adaptability and effectiveness of the solution. 
3. Customer support: Proactive customer support can improve the ongoing success of the solution once implemented, increasing performance over time by applying industry expertise to suggest improvements aligned with the firm’s changing risks.
4. Alert prioritization and machine learning features: Some solutions utilize artificial intelligence (AI) to prioritize alerts based on risk levels, optimizing senior analysts’ time by identifying and investigating the highest-risk activities. Additionally, look for machine learning features that enhance the ability to identify new risks beyond traditional rule-based detection.

The best transaction monitoring software companies

1. ComplyAdvantage

Transaction Monitoring from ComplyAdvantage is an AI-driven solution that helps firms detect financial crime with advanced insights on hidden risk and custom thresholds. Our machine-learning models have won hackathons organized by ACAMS and PwC.

The G2 GridⓇ for Anti-Money Laundering is a helpful way of measuring financial crime risk management vendors based on customer opinion. The G2 GridⓇ lists ComplyAdvantage as a leader in anti-money laundering.

Top ComplyAdvantage features

• Industry-validated out-of-the-box rulesets – Choose from our library of red flags and suspicious activity scenarios based on AML/CFT industry typologies.
• No-code self-serve rules building – Even though we offer ongoing specialist support, it won’t hold you back when you need to make quick changes to rules.
• Specialist-supported implementation & ongoing calibration – Our team of experts helps you set up a tailored, risk-based solution – and continue fine-tuning it more effectively.
• AI-driven alert prioritization – Allows you to prioritize and focus on the greatest risks to your business.
• Scalability from startup to billions of transactions – Keep the same solution – and effectiveness – as you grow.
• New risk detection using advanced machine learning – Where rules cannot detect specific activity, our AI capabilities fill the gaps.
• AI-driven relationship detection – Identity clustering uses machine learning to identify data patterns that may indicate hidden links between accounts.
• Adjustable rule thresholds – Set thresholds based on your risk exposure.
• Integrate risk data, processes, and insights in one platform via API – Synthesize your native risk insights with our proprietary ones, integrate with other key compliance features such as payment screening, and more.
• Dashboard with rule performance and team stats – Helps manage the team and empowers you to make informed decisions regarding changes to rule thresholds.
• Integrated risk scoring – Implement your customer risk scoring seamlessly with API integrations.
• Integrated case management – Provide a holistic view of transaction alerts linked to a profile in a single place.
• Adverse media insights – Natural language processing (NLP) algorithms read through media information, identify relevant individuals and organizations, classify adverse media categories, and consolidate this data into comprehensive profiles.
• Segmentation – Apply your risk-based approach with a powerful segmentation engine.

Improve your organization’s operational efficiency

Fortify your organization and fuel your growth with dynamic solutions tailored to your needs. Book your free demo today and find out why 1000s already use ComplyAdvantage.

Speak to an expert

2. Youverify

According to Crunchbase, Youverify “helps financial institutions to comply with AML regulations and fight fraud with ease.” Youverify was founded in Lagos, Nigeria, in 2017.

3. NICE Actimize

According to Crunchbase NICE Actimize “provides real-time fraud prevention, anti-money laundering, enterprise investigations, and risk management solutions.” Founded in 1999, the company has offices in Europe, the Middle East, and Africa. 

4. SAS

According to TechTarget, SAS Institute Inc. “is a software vendor that specializes in advanced and predictive analytics software applications, as well as business intelligence and data visualization offerings.” Originally known as Statistical Analysis System, the company was founded in 1976.

5. Oracle

According to Crunchbase, Oracle is “an integrated cloud application and platform services that sells a range of enterprise information technology solutions.” Oracle started trading in 1977, and its headquarters are in the United States.

6. Verafin

According to Crunchbase, Verafin “offers a fraud and AML detection platform that helps detect, investigate, and report money laundering and financial fraud.” Verafin was founded in 2003 and is based in St. Johns, Canada.

3 top tips for speaking to vendors

When negotiating and discussing with vendors, here are three top tips for firms to consider:

• Ask how fast implementation will be: Customer experience and satisfaction are paramount for any organization and can be hampered by a slow implementation process. A personalized approach and ongoing support can be highly beneficial, as issues can be ironed out as they arise. When rolling out a transaction risk management solution, leading B2B infrastructures-as-a-service company, TransferMate described the collaborative process with ComplyAdvantage as a “one team, two organizations” approach, which reduced their alert remediation times by up to 50 percent.
• Explore how AI is used: Many vendors will talk about AI-driven solutions. Ask for specifics on how AI is being used and proof points on the benefits other customers are seeing. Improved efficiency and more effective risk prioritization are good use cases to start with. For example, when digital bank Holvi deployed AI-based alert prioritization from ComplyAdvantage, it saw that forty percent of its high-priority alerts were true positives, compared to less than one percent of low-priority alerts.
• Find out about plug-and-play capabilities, such as pre-built libraries of rules and typologies, which can help streamline the set-up process. Some also include libraries to help teams learn the software faster and offer sandboxes, API guides, and dummy data for testing.

All information from publicly available websites has been sourced and is correct as of March 2024. If you’d like to request a correction, please e-mail content@complyadvantage.com, and we’d be happy to review this with you.

The post The best transaction monitoring software and companies in 2024 appeared first on ComplyAdvantage.

Before working with ComplyAdvantage, BigPay had a manual, ad hoc screening process. It needed to implement a more efficient one – fast – to meet its regulatory obligations. The reliance on manual processes also meant the firm faced the challenge of cumbersome batch processing during its annual customer rescreening, something that became increasingly difficult as the firm – and its customer base – grew.

BigPay also needed a solution that could be tailored in line with its risk-based approach:

“We had issues with customizability, as most platforms offer a standardized list of searches. We planned to have full control over the range of lists we used depending on the use case, transaction type, and country.”

Ashwin Nazareth, FinCrime Operations & Disputes Principal, BigPay

Integrated, customized screening and monitoring

The firm needed a flexible, unified platform that could scale across multiple markets and handle volume spikes during periods of peak demand. But with its previous solutions, streamlining these complex processes wasn’t possible – it involved too many touchpoints and manual processes. What’s more, BigPay needed a solution to automate workflow processes for name screening and adverse media searches, freeing up analyst time for more in-depth investigations.

That’s where ComplyAdvantage’s customer screening and transaction monitoring came in. BigPay was able to custom-build a single proprietary interface connecting multiple tools, trackers, and databases via a single API. The financial services firm also set up unique screening profiles for its individual markets, providing proportional controls for different products and transaction types – such as remittance and e-money. Accessible search profile configuration and fuzziness fine-tuning streamlined the process of aligning with new regulations.

“We now have the benefit of researching sanctions, PEPs, and adverse media all at the same time from a large number of sources rather than using multiple tools and databases. The time saved comes from only having to research the alerts, rather than wasting time looking for them.”

Ashwin Nazareth, FinCrime Operations & Disputes Principal, BigPay

Collaborative risk management

Throughout the process, BigPay has been able to partner with its customer success manager at ComplyAdvantage, who applies industry-wide best practices to ensure the solution is performing well and saving time in key areas.

“Customer support has been fantastic, especially with a dedicated account manager who resolves our issues promptly and keeps us up to date on our account performance,” said Nazareth. This included advice on “where we should be focusing our innovation and technological enhancements. In fact, two of our major time-saving innovations came directly from recommendations during the account review cycles.”

In the next few years, BigPay wants to sharpen its focus on key typologies affecting virtual financial services, such as fictitious identities, mule accounts, and scams. Nazareth also noted the increasing importance of collaborative data in financial crime risk management, both within the financial services industry and between financial firms, law enforcement, and regulators. Trends like these will only increase the need for the kind of high-quality, holistic data ComplyAdvantage provides.

“There’s no other solution currently on the market quite like ComplyAdvantage,” commented Nazareth. “And what it can do, it does exceptionally well.”

The post BigPay improves analyst efficiency with integrated customer screening & transaction monitoring appeared first on ComplyAdvantage.

To help firms benchmark solutions they’re exploring, we recommend asking seven key questions.

1. Can the solution scale with my business?

Smaller-scale operations may be able to manage financial crime risk with a greater number of manual processes initially. But as firms scale, the data and risks they face become increasingly complex. At the same time, financial crime – and regulations designed to curb it – are also increasing in complexity. 

Our 2023 tech and talent survey indicated that this growth in complexity is driving firms to invest more. 91 percent said they planned to spend more on compliance technology in the coming 12 months. As regulatory enforcement actions repeatedly show, transaction monitoring can be a significant part of an effective AML/CFT process.

So where does that leave firms? When investing in transaction monitoring technology, seek a tool that can adapt as transaction volume and complexity increase. This will deliver a better long-term return on investment (ROI) than repeatedly engaging in expensive, cumbersome overhauls. 

2. Can I tailor the monitoring rulesets to my bespoke risks?

In 2020, the Central Bank of Ireland’s Anti-Money Laundering Division observed several problematic themes affecting firms’ AML/CFT program effectiveness. Among these was the use of generic monitoring thresholds that failed to detect nuanced patterns.

Traditional rulesets may be a good baseline, but they are often inflexible and do not adapt well to a firm’s unique risks. Those that can be changed may require coding skills or third-party intervention, complicating the process.

What firms need is the flexibility to tailor transaction monitoring rules to their unique and changing risks. This requires both expert accuracy and user-friendly accessibility. 

Firms don’t have to choose between these benefits. Consider solutions that offer support from industry experts alongside accessible self-serve rule building. Combining these two features allows firms to make granular changes quickly while also benefiting from specialist calibration in the long term. It’s also key to keeping pace with evolving financial crime typologies and ensuring continued support for new products as a firm continues to grow. 

In one instance, TransferMate was able to work with ComplyAdvantage to tailor-make a rule that would detect key behavioral indicators for child sexual exploitation. After receiving key updates from law enforcement in the field, they were able to immediately refine the rule and account for behaviors indicating abuse of younger victims. With other solutions, making the change could have taken six months or more.

3. What kind of ongoing support do I get?

Creating a tailored, risk-based rule set can be a complex process, requiring expert input to develop the right strategy, and refine it over time. A step beyond mere outsourcing, a truly proactive customer success manager (CSM) will act as a firm’s partner, collaborating rather than just working behind the scenes. 

So when selecting a transaction monitoring provider, look for customer success experts that work with other firms in the same industry, and can aply their expertise to develop creative solutions. The support team should be tuned in, proactively reaching out about possible improvements in light of a firm’s changing risks.

“[ComplyAdvantage] supports a constant cycle of learning and evolving, able to adapt in line with the changing behavior of both customers and criminals. It didn’t matter who worked for HTB and who worked for ComplyAdvantage. We had a single team, driving forward the delivery with a focus on achieving the outcome.”

Robin Jeffery, Head of Transformation at Hampshire Trust Bank

4. Can I use AI to prioritize alerts? 

Even a well-calibrated transaction monitoring solution will trigger alerts with a variety of risk levels. Without a way to sort alerts, qualified investigators can spend most of the day analyzing low-risk activity. This wastes company time and makes teams more likely to miss illicit transactions.

Thirty-one percent of respondents in our 2023 State of Financial Crime report said this was the top way they believed AI could add value to their compliance team. 

Look for transaction monitoring tools that can use AI to assess the highest-risk alerts and bring them to the fore. This will maximize senior analyst potential, allowing them to swiftly investigate the highest-risk activities first. Lower-risk alerts can be used to train more junior analysts. When alerts are sorted by risk, it also becomes easier to assess whether monitoring rules need to be tweaked.

“Many firms are already seeing success with AI, so it’s important to be agile, and avoid falling behind competitors who may soon be able to work in a much more sophisticated way without comparable increases in costs.”

Iain Armstrong, Regulatory Affairs Practice Lead at ComplyAdvantage

Smart Alerts

Discover how AI-led transaction monitoring can help identify illicit activity sooner.

Request a Demo

5. Can I identify new risks with machine learning?

While the debate around the most effective transaction monitoring technologies tends to revolve around a binary comparison between traditional rules and AI, the two can work effectively together.  Tailored rules can detect known scenarios via established indicators, while machine learning (ML) fills in the gaps with intelligent analysis.

Firms can evaluate transaction monitoring tools by asking whether they enhance rule-based detection with ML-driven features like identity clustering, natural language processing (NLP), and behavioral analytics. These features can detect new risks traditional rules would miss.

For example, identity clustering analyzes personal and behavioral data points across multiple accounts for shared characteristics that can reveal a hidden common identity behind them. Similarly, NLP can analyze transactions and non-financial data to take factors such as location and time into account when evaluating a transaction’s risk.

“To better identify suspicious activity and understand the complete flow of illicit funds, we required a solution that would allow us to view and assess previously unseen connections between different accounts. We also wanted the ability to instantly ‘blacklist’ specific counterparties and their external bank accounts to prevent them from being used in future transactions by the same and other clients.” 

Adam Mackulin, Head of Compliance & MLRO at Payset

6. Does it seamlessly integrate with existing resources?

When a powerful transaction monitoring tool can’t integrate well with a firm’s existing data and technology, its potential is stunted. Without the ability to work seamlessly with the whole risk management function, even the most cutting-edge technology risks ineffectiveness. 

In considering a transaction monitoring solution, evaluate whether it plays well with the wider process. For example, which data points can teams integrate into the rules builder? Will the tool process a firm’s native risk insights alongside its own? Does its APIs allow integration with other functions, such as payment screening, for a more holistic risk approach?

7. How fast and efficient is implementation?

A slow implementation process can hurt customer experience and delay the development of new products and services. Inadequate support can become a chronic problem that burdens compliance teams, compromising the ability to add new rules and features.

So when evaluating a new transaction monitoring solution, consider the vendor’s approach to implementation. How do they support clients during the process? Look for features that jumpstart the process, such as a pre-built rules library.

This doesn’t rule out customized risk detection – just streamlines getting started. Vendors should also offer in-house technical and personal expertise to support custom features. Sandboxes can help streamline the customization process, allowing firms to test new features in a safe environment and adjust them quickly while reducing fallout from errors.

For example, Atlanticus, an inclusive payment services technology company, partnered with ComplyAdvantage for transaction monitoring in January 2023. Thanks to strong, efficient collaboration throughout the initial implementation, they were able to go live in mid-April of the same year.

Stepping into the future with transaction monitoring

Firms looking into a new transaction monitoring solution can benefit from a platform that adapts to their changing risks, using AI risk detection to enhance bespoke rule sets. It’s also important that the tool integrates well with the wider compliance process and can process the data most relevant to the firm. 

Implementing a new transaction monitoring solution requires sensitivity, careful planning, and consideration of key issues such as data quality and effective organizational change. Any large scale deployment of new transaction monitoring technology needs to be properly integrated with existing teams, processes, data and platforms to ensure firms get the best outcomes. That’s why it can be crucial to choose a solution provider that will accompany a firm in the transition, partnering with key stakeholders to ensure the best possible outcome.

With the right transaction monitoring technology, firms can be confident they meet – even exceed – regulator expectations while managing risks effectively.

The post 7 questions to ask when choosing a transaction monitoring solution appeared first on ComplyAdvantage.

In this webinar, ComplyAdvantage Technical Lead Oscar Hazelaar discussed how the right approach to risk in transaction monitoring could also reduce costs. Based on his thoughts, this article explores how firms can find the “Goldilocks Zone” – where cost-effective monitoring is also risk-based. 

Transaction monitoring objectives

When done properly, transaction monitoring ensures regulatory compliance by addressing the risks a firm needs to cover based on its enterprise-wide risk assessment (EWRA). It helps firms detect behavior indicating that financial crime might be occurring. A risk-based approach means implementing rules that capture well-known financial crime red flags as well as a firm’s industry-specific risks. A transaction monitoring system should also be calibrated to protect a firm’s client base – not only detecting high-risk individuals, but also potential victims of financial crime. 

Defining success in transaction monitoring

What does success look like in transaction monitoring? Three key factors stand out: 

1. Its rules align with regulatory requirements and industry best practices. A risk-based approach builds rules around a firm’s regulatory requirements, as well as scenarios that address risks unique to its products or industry. For example, an exchange in the crypto space should be confident that it can detect when someone is moving fiat currency to and from its system without changing it into cryptocurrency. This might indicate money laundering. 
2. Its rules are driven by a firm’s risk data. Rules are important, but they cannot detect risk alone. It’s also crucial to factor in customer risk. This allows a firm to apply additional due diligence to riskier customers – while ensuring lower-risk customers are not unnecessarily impacted and can do business smoothly with the firm. 
3. It can access and take advantage of comprehensive data. Many firms sit on a wealth of customer insights and data that they can use to drive their solutions. One use case centered around ATMs, where a firm wanted to detect if a specific customer (of retirement age or above) was withdrawing repeated high-value transactions. This was a potential sign of elder abuse. The firm factored in their customers’ date of birth and age, using this knowledge to expand their transaction monitoring coverage beyond a standardized scenario.
4. Its rules are operationally effective. As a firm deals with transactions and scales its products, its solution should allow it to process alerts effectively without overwhelming backlogs. An overzealous transaction monitoring solution can create a difficult workload to manage and becomes hard to justify from a cost perspective. A robust solution is designed to respond to historical data and reduce future false positives. 

The consequences of ineffective transaction monitoring

An ineffective transaction monitoring approach can fail to detect financial crime and may even enable it. What might cause a firm not to miss potential criminial activity despite having a transaction monitoring solution? 

1. Inadequate transaction-monitoring rules. First, it might be that the behavior a firm failed to detect was not actually covered by its rules. Perhaps a crucial approach or angle was not considered when the transaction monitoring solution was set up. Alternatively, a rule might have been set up to detect a particular behavior but failed to capture it. 
2. Scenarios and rules that generate a lot of alerts. This occurs when a firm’s coverage is overly broad, which can create false positives. Repeated false positives from specific rules could encourage outright dismissal of future alerts – even if it sometimes captures true behavior that requires investigation and reporting.

What are the costs of ineffective transaction monitoring?

Operational strain

An imprecise transaction monitoring solution can create the need for a larger team to avoid alert backlogs. But increased headcount is not always manageable – especially in newer firms that don’t have the necessary resources. Nor does headcount alone guarantee a risk-based process: teams need the right tools to detect risk. The resulting inefficiencies can impact team morale. Large backlogs can create overwhelm, especially when reviews constantly reveal false positives. The extra strain can create a string of negative impacts in the long term, from burnout and analyst turnover to missed risks and even regulatory fines. 

Reputational damage

A poorly-implemented transaction monitoring solution can also result in reputational damage. On the one hand, this can occur if a firm operates too stringently relative to its risks – which is common soon after a new product launches. If a firm’s rules are too broad from the start, this could impact customer experience and first impressions. Although it’s essential to have a solid transaction-monitoring solution in place from the beginning, broad rules do not necessarily detect more risk. Instead, effective systems should capture a firm’s tailored risks. 

On the other hand, controls that are too lax can also result in missed suspicious activity.  For example, failure to detect a compromised customer account could negatively impact a firm’s reputation and any product involved. Not basing transaction monitoring on risks can result in a failed audit, particularly if a lack of controls is found to have facilitated financial crime. It can also result in regulatory penalties and bad press. Over the past few years, there’s been a lot of attention on organizations implementing poor compliance practices. Transaction monitoring is very much a part of this.

The Goldilocks zone: Balancing costs and coverage

How can firms work on a more effective transaction monitoring solution while managing costs? IA successful solution balances the need for comprehensive coverage with an organization’s operational requirements. Traditionally speaking, transaction monitoring solutions lean toward broader and more costly coverage out of an abundance of caution. And indeed, in a constantly-changing regulatory landscape, capturing and reporting as much potentially suspicious behavior as possible could be seen as a way to avoid regulatory fines and other risks. 

But again, broader coverage is not necessarily risk-based. A more effective approach – which can also be more cost-effective — is to assess a firm’s unique risk with a regularly-updated enterprise-wide risk assessment (EWRA). This allows firms to conserve resources in areas that are not significant risks for them, while targeting strategic investment in their riskiest areas.

ComplyAdvantage works with firms to increase a risk-based level of accuracy, working to target relevant behavior. This can help reduce overhead costs while keeping the primary focus on risk-based and effective transaction monitoring. 

So how can a firm achieve the right balance? Here are the steps we generally follow with clients.

• Start with a base set of rules. This can be determined based on rules a firm may have implemented previously – or that other members of their industry recommend. 
• Compare those rules with known operational and industry risks. This can be broken down into three steps:
  • At the base level is a firm’s customer risk data, gathered at onboarding, establishing that the individual onboarded is who they say they are. This information includes where the customer is located and typical behavior and activity – such as products that they’ve purchased and used regularly. This data can then be used to create a risk rating to drive transaction monitoring rules. 
  • The next part is to identify subgroups within a firm’s customer base. A straightforward example would be the difference between individual and corporate customers: as their behavior will be very different, they must be monitored differently. If firms monitor both with the same rule set, they’ll fail to cover at least one of those groups effectively, and alerts will not be risk-based. 
  • Lastly, a firm can use any additional information gathered at customer onboarding within its transaction monitoring product. For example, say a firm’s customer announced ahead of time how much they planned to use its service. The firm can use that information as part of its transaction monitoring rules to continuously verify that the customer is sticking to what they initially said. 
• Introduce rule-refining mechanisms based on this information. For example, a threshold-based rule may need to differentiate between a firm’s corporate customers and its individual clients. Similarly, a firm may want to compare customers in a specific industry to others previously onboarded in the same industry. If a new customer’s average transaction volume exceeds the norm for the industry’s customer base, there may be a red flag to investigate. 
• Keep optimizing after deploying the first solution and establishing the first rule set: 
  • Verify any assumptions (such as customer risk level) made while planning for accuracy and effectiveness against the data going through the system. 
  • The setup should change with the product as the firm grows and adds additional products or services. The transaction-monitoring solution must be flexible enough to accommodate new types of transactions, volumes, or patterns without inflicting excess work. 
  • The solution should keep up with continuously-changing regulations – and, ideally, should be designed around continuous regulatory change.

How ComplyAdvantage helps clients maintain continuous improvement

At ComplyAdvantage, we take several steps to help customers continue improving their transaction monitoring solution: 

• Assess: How is the System Performing?

This involves more than just looking at how many rules are triggering for certain types of transactions. We drill down, investigating where those hits are coming from. What type of customer is generating these alerts? How are these rules triggering, and what was the outcome of our customers’ reviews? If we see that specific types of alerts are repeatedly flagged as a false positive – or no action was taken – we then ask: is this as expected? Is this repetitive alert part of planned checks and balances, or do adjustments need to be made? 

• Share Insights & Observations

We then discuss the insights and patterns our analysis has revealed with our customers. This opens the way to talk about changing the existing rules to better accommodate real-life transaction volumes. This is an ongoing discussion because we continually find new insights and transaction monitoring approaches.

• Determine Which New Scenarios to Address

Based on the information and insights discussed, we work with clients to determine the best way to address new scenarios. When implementing transaction monitoring rules, it’s natural to think in terms of capturing certain behaviors. But it’s important not to stop here, as other elements may also contribute to false positives or negatives. For example, moving beyond hard-coded transaction thresholds, what’s the average transaction volume for specific customer groups? 

• Design for Continuous Improvement

Taking the time upfront to design an agile system will pay off in the long run. The more time firms can invest upfront to design a solution that effectively facilitates change, the easier it will be to maintain and improve over time.  In contrast, if a solution is only designed to monitor one type of transaction, firms can encounter problems when incorporating inevitable new scenarios, leading to overly complex money flow representations. Well-planned solutions will allow firms to self-manage many rule changes and additions, reducing the need to submit third-party requests for routine adjustments and improving efficiency.

Key takeaways

Firms looking to optimize their transaction monitoring solutions should focus on three key areas. If they partner with an existing provider, they may want to consider whether the vendor will walk alongside them to address these three areas. If not, they may want to consider a provider that will focus on these areas with them.

1. Find the “goldilocks zone” where risk-based coverage and cost efficiency overlap. Instead of seeing cost-effectiveness as competing with risk-based coverage, consider them as two sides of a coin. While effective transaction monitoring requires real investment, a risk-based approach is not always the most expensive. Rather, indiscriminately broad or lax coverage can negatively impact cost as well as risk. A solution that instead targets a firm’s unique risks will not only catch more but also reduce wasted spending on excessive measures, repeated work, damaged reputation, staff turnover, and regulatory penalties. Risk-based approaches are generally more cost-effective.
2. Tailor transaction monitoring around firm-specific needs and risks. This should be driven by internal information, including a recently-updated EWRA. No one client has the same data available – or works in the same way. Firms might share general scenarios, but their approach to each should be tailored around the specific risk that comes from where they’re located, what regulations are in place, and the types of clients they have. There’s no such thing as a run-of-the-mill solution. Each solution should work for the individual firm and its product. 
3. Design an agile solution that changes with the firm. An ineffective transaction monitoring solution falls behind a firm’s product constantly. Ideally, firms should think ahead and proactively anticipate upcoming risks and obligations. Each firm’s product should be designed ahead of time to allow it to implement those changes quickly. 

The post How firms can de-risk transaction monitoring appeared first on ComplyAdvantage.

Based on that discussion, this article explores why money muling has increased, red flags to look out for, and the role of artificial intelligence in more effectively curbing these new fraud and money laundering typologies. 

What Is COVID’s long-term impact on customer and criminal behavior? 

The pandemic triggered behavioral shifts across consumer groups and changes in criminal behavior that continue even as COVID fades into the background. In addition to a rise in medical fraud schemes, phishing, and Ponzi and investment schemes, financial crime has increasingly targeted potential money mules. Because economic circumstances have tightened across demographics, less classically vulnerable groups have been targeted alongside traditionally vulnerable populations. These trends show criminals’ rapid ability to adapt their methods to their environment. 

Why has this happened? Initially, the pandemic’s pressure on cash-intensive businesses pushed criminals toward other outlets to launder their funds. At the same time, otherwise honest individuals began experiencing unprecedented economic stress.

Money launderers were quick to take advantage of this, funneling illicit funds through desperate individuals – tricking or manipulating them into serving as mules.

As the pandemic has receded, its aftershocks remain, extending many of these pressures and continuing to encourage trends like money muling and fraud. Some of the most enduring effects include: 

• Accelerated digitalization fast-tracked due to increasing remote interactions. As payments digitize, funds can move more quickly, facilitating muling activity and other financial crime.
• Supply chain shocks further exacerbated by Russian sanctions. This contributes to black markets, fraud, and trafficking while further impacting the global economy.
• Continuing economic volatility and inflation borne by these and other complex trends. This pushes criminals and honest people to seek alternative funding sources. 

As money launderers continue to take advantage of customers’ social and economic vulnerability, firms must adapt their transaction monitoring accordingly. Risk teams need agile anti-money laundering and counter-terrorist financing (AML/CFT) tools to constantly adapt to these intensifying risks.

How transaction monitoring can detect rising money mule risks

This raises the question: What patterns of behavior typically indicate a money mule? Can existing monitoring tools properly detect this type of activity?

Profiling patterns, not people

Since money muling recruiters specifically look for people who behave normally, firms shouldn’t rely on profiling customers so much as transaction patterns. To detect a classic retail banking money mule scenario, firms should be looking for unusual patterns of transactions rapidly moving out of an account – often with a lower amount leaving than what came in. This is because a money mule usually skims off a commission from the original inbound payment. 

How transaction monitoring can detect muling

Properly-tuned transaction monitoring rules are critical to detecting this kind of activity. Yet many systems are calibrated to identify incoming payments without considering the surrounding context, which is key to distinguishing between truly suspicious and low-risk activity. This can cause an influx of ambiguous alerts, leading to false positives and negatives. When a transaction is flagged without further context, analysts – particularly in the fintech community – often reach out to the customer to find out more and establish a clearer risk profile. 

A more effective approach would be to risk-rank an inbound transaction based on the customer’s profile. Tools that use machine learning can do this most dynamically and efficiently. However, if a firm doesn’t have access to machine learning, traditional monitoring systems can be tuned to look for things like:

• Turnaround time – How quickly is an inbound amount sent out again from the account?
• Known recipients – Has the payment been sent to a recipient in the customer’s regular outbound payment list?

Over time, a firm can use findings based on these rules to create an even more targeted approach. After analyzing the profiles of people they’ve caught, they can focus the system’s rules on client groups reflecting similar characteristics. This could involve:

• High-risk age groups – This could include younger people, who often don’t have the savings to weather a serious economic crisis. It could also include seniors, who are often the target of elder abuse and scams.
• Groups outside regular employment – This might entail, for example, clients no longer receiving salary payments – or who are receiving grant or furlough payments. 

Refining how rules operate within specific customer groups can improve alert accuracy.

Detecting risk in different groups: Retail vs. corporate customers

In contrast to many of the more transparent red flags indicating individual money mules, corporate accounts can more easily hide illicit transactions. This is because business accounts already receive a higher volume of cash deposits. The rapidity of inbound and outbound transactions is still relevant – but firms should also consider a macro view with their corporate clients. 

Such an approach entails looking at a business’s profile and assessing how much money should be flowing through the account based on its size and industry. For example, a dine-in-only restaurant making huge profits from cash deposits might not add up. To account for such a large cash influx, the venue would have to seat a logistically impossible number of customers. 

On the other hand, firms need to have enough context to distinguish between a true red flag and a business that has simply changed its business model. In the case of restaurants, the pandemic forced a shift toward takeout. In that context, a larger cash influx may be normal activity. 

The key to telling the difference is understanding the business in question and what’s normal for it. Firms should be sure they understand their clients’ typical transaction volumes, and think about any context changes or known situations (such as an economic crisis or pandemic) the business might have had to adapt to. When in doubt, firms can reach out to the business in question for more details. They should also conduct further research and analysis online to assess whether or not the business made a legitimate pivot. 

How can neobanks and FinTechs detect money muling?

Money muling detection can be especially challenging for fintechs and neobanks. Many are newer entrants into the market, and are often looking to scale quickly while adding new products, services, or geographies.  So what can firms in the sector do to catch more muling activity? Key areas to consider include:

• Robust transaction monitoring – Given the sector’s familiarity with cutting edge technology, a high-tech transaction monitoring tool is a natural – and wise – choice. These agile tools can use AI to detect nuanced risk, rank alerts, and streamline the monitoring process. When it comes to money muling, machine learning can tailor monitoring to behaviors and profiles most relevant to a firm. In contrast, manual tuning takes more time, only happens when planned, and can’t keep up with criminals’ constant adaptive behavior. This can result in missed risks. For firms operating in new and changing spaces – often with more limited resources – precise, scalable tools can enable smaller teams to implement a powerful risk-based approach. 
• Communication with other firms in the ecosystem – Firms can inform each other of risks they are seeing and how they are handling them. Because this is a manual approach, it is not enough on its own. But in combination with an agile transaction monitoring tool, ongoing communication in the sector can provide firms with valuable insights they can use to further refine their process.
• Adverse media checks for customers – Because criminals usually target people without a criminal history, this approach should only serve as an additional check. Profiling money mules is difficult, and few will have past convictions. Still, an awareness of customers’ criminal history can provide important information. Even if a customer with a criminal past isn’t a mule, they could be part of a larger ecosystem that interacts with mules. 

How can machine learning and traditional rules work together?

Machine learning doesn’t necessarily compete with rules – in fact, the two can work well in tandem. Rules can provide the basic knowledege of customer behavior machine learning needs to improve. At the same time, machine learning can help prioritize alerts generated by rules to ensure the riskiest ones rise to the top. Individual rules are more straightforward, while machine learning is good at providing nuance and reducing false positives. Many firms start out with baseline rules while developing a more in-depth, data-centric machine learning model in the long run. This buys them the time they need to thoroughly test and tweak the model and make sure it’s operating as needed – and that they understand it. 

A Practical Guide to AI for Financial Crime Risk Detection

As financial crime risk data becomes more complex, how can transaction monitoring keep up? Discover how AI can power more efficient risk management.

Download the Guide

Why regulators are focused on explainability

Regulators generally provide technology-agnostic anti-money laundering (AML) guidance to firms, focusing on risk-based principles that should underlie financial crime controls. Still, when it comes to machine learning and AI, regulators expect firms to retain control over their processes. Therefore, a firm that can’t explain how its machine learning system works is unlikely to impress authorities. 

Regulators are particularly concerned with preventing reliance on black box technology – tools built on processes no one can explain. One of the main reasons for this concern is that this can harm customers and their rights, an area the European Union’s General Data Protection Regulation (GDPR) seeks to address. A black box system can’t be monitored for ethical concerns like data privacy and discrimination. 

Outside regulatory expectations, firms also have an interest in ensuring their systems are explainable. Investigators that understand the AI tools at their disposal can make informed decisions quickly, responsibly, and efficiently. Clear explanations also enable firms’ processes to be continually assessed, improving both their effectiveness and fairness and mitigating unforeseen problems like algorithmic bias.

It’s important to note that despite the cautions surrounding explainability, AI and machine learning are increasingly recognized as necessary to effective financial crime risk management. The important thing is to follow established best practices and stay abreast of the latest AI-related technological, ethical, and regulatory developments.

Testing the system: Why a robust second line of defense is crucial

Beyond first line due diligence and investigation, it’s crucial to give equal attention to the second line of defense, testing how well a system is working – and how well a firm is fighting financial crime.

To ensure independent oversight, teams performing second line testing should be separate from those on the first line of defense. In many countries, firms subjected to money laundering regulations must assign a money laundering reporting officer (MLRO) to report at least annually to the board on the effectiveness of the firm’s financial crime controls. This oversight not only helps ensure compliance with regulators, but also that a firm’s investment in risk management is well-placed. Any gaps revealed by independent reviews can be addressed to allow for a more risk-based approach. 

Breaking out of silos: The importance of holistic financial crime risk management

Traditionally, fraud and AML have been overseen separately. On one hand, it’s true that each field entails specific scenarios that require specialized expertise. For example, the chargeback process is specific to fraud and requires somebody that understands it. 

However, the need for specialization does not necessarily require firms to segregate these processes. For example, fraud is one of many predicate offenses that feed into money laundering, alongside drug and human trafficking, environmental crime, and murder. If a customer commits fraud, they will eventually need to launder their illegally-acquired assets before using them.

Firms are better off looking at financial crime risk as a whole, and then devising systems suited to their unique risks, from fraud to AML and beyond. There are several steps to this holistic risk-based approach:

1. Complete an updated risk assessment – This should not be limited to fraud or AML but should cover the spectrum of financial crime scenarios. The firm should thoroughly analyze which typologies and scenarios it is likely to be exposed to given its customers, products, and jurisdictions. 
2. Identify targeted risk – Firms can then identify their particular vulnerabilities and the controls needed to manage their unique risks. 
3. Build controls holistically – Consider what combination of risks each product is most exposed to, and build controls reflecting that exposure. Some products’ controls might need to focus on certain typologies over others, while others might require a combination. The point is that the controls should be determined by looking at the whole risk each part of the business is exposed to, without pre-determining expected categories. Only then can the true risk be addressed thoroughly.

As firms begin exploring different risk scenarios, they will see that there’s actually quite a spread of vulnerability. Risk is not siloed. Many controls can cross traditional fraud/AML siloes to mitigate many different risks at once.

The importance of agile risk management workflows

Firms are generally good at recognizing new typologies when they emerge, whether as part of investigations, following law enforcement alerts, or due to alerts from fellow financial institutions. In the future, data sharing will further enable effective response to changing risks. 

In spite of this, firms may struggle to rapidly adapt their transaction monitoring systems to these typologies. Two main reasons stand out: underdelveloped technology and overly complex governance structures requiring excessive sign-off for every system or rule change. As the data required to keep up with financial crime and AML regulations becomes more complex, firms need streamlined solutions that don’t compromise on accountability or risk. To this end, AI-driven transaction monitoring tools can support agile risk management by constantly learning and adapting. 

Meanwhile, as their workflows become more streamlined, firms will also need to review their governance structures. It’s important they continue to provide accountability while supporting an efficient, risk-based approach. Firms can ensure their transaction monitoring and governance structures support a fast-moving, risk-based process by undertaking regular enterprise-wide risk assessments (EWRA) and independent testing and audits.

Key takeaways

As firms face increasingly complex risk data and evolving regulatory requirements, a technology-driven response is emerging. The support of new AI-driven tools is allowing financial institutions to allocate their resources where their risks are, while ensuring ongoing quality and consistency. With the rise of more data sharing, firms will be able to take advantage of unparalleled risk insights.

Built on agility and born into a fast-paced financial crime world, fintechs are in a unique position to lead the way. But traditional firms also have the opportunity to rise to the top by adopting a more agile approach. As firms build more adaptable financial crime teams, they will better protect themselves from loss and improve regulatory accountability, while protecting their customers and reputations.

The post De-risking transaction monitoring: Reacting to changing behaviors appeared first on ComplyAdvantage.

What is fraud prevention?

Fraud prevention refers to a firm’s policies, functions, and processes that keep fraud from occurring. No fraud prevention strategy is foolproof, but firms can focus on preventing the types of fraud they’re most at risk for. This will ensure they use their resources most effectively. To do this well, they can implement regular risk assessments to ensure their framework is based on realistic risks.

The difference between fraud prevention and detection

Fraud prevention and detection are complementary strategies to reduce fraudulent activity and losses. Fraud detection identifies fraudulent activity that has occurred or been attempted. It responds to an existing threat. With fraud prevention, firms implement policies and safeguards that make it harder for criminals to commit fraud. Examples include:

• Employee and customer screening.
• Customer education.
• Customers can activate card freezing and similar protections if their account is compromised.
• Transaction screening.

5 tips on how to prevent fraud

Even though a thorough fraud prevention strategy must be tailored to a firm’s unique risks, there are several facets that every firm should consider.

1. Conduct an enterprise-wide risk assessment (EWRA)

Effective fraud prevention programs must be risk-based. This entails performing regularly-updated EWRAs that analyze fraud risks based on a firm’s unique context. An up-to-date EWRA will help a firm focus on the fraud risks relevant to its operations and avoid wasted resources on low-risk typologies for their business and sector. Armed with a comprehensive understanding of its true risk, the firm can consider its risk appetite. Since risk can never be completely eliminated, a risk appetite considers a realistic and effective level of risk control that enables reasonable business to continue. 

To effectively apply its individualized risk assessment, a firm should create controls addressing its residual risk – what lies beyond the firm’s risk appetite. Specifically, fraud risks should be controlled in light of the overall risk profile, including other risky behaviors and typologies. Traditionally, firms have viewed fraud prevention as part of a process primarily aimed at reducing loss to the company and maintaining positive customer service. While these are important fraud detection and prevention aspects, they are not the whole picture. As a predicate offense to money laundering, fraud is often tied to broader criminal activity, from other predicate crimes such as wildlife and drug trafficking to money laundering and terrorist financing. To effectively combat fraud, firms must understand it in its entire context rather than viewing fraud events as isolated incidents.

All too often, fraud and AML teams operate in siloes. Yet both departments have access to information that could significantly improve the firm’s overall understanding and mitigation of its risks. For example, money laundering patterns could lead back to fraud as their source, alerting a firm to risks they may not have adequately prevented. This, in turn, could lead to better fraud prevention – and detection should activity slip through the cracks. 

2. Strengthen internal controls

Firms should take stock of their business operations in light of their updated EWRA and risk appetite. Because the risk a firm faces depends on its unique activities and structure, it is impossible to give a universally exhaustive list of necessary controls and policies. The firm must ultimately determine this as appropriate to its own operations and obligations. That said, risk-based controls and policies will share several features in common.

Internal fraud prevention

Employees can use their access to fraudulently benefit themselves or others. In more serious scenarios, those higher up in a firm can use it as a front to perpetuate their own illegal activity, which could include theft, money laundering, bribery, and terrorist financing. 

In dealing with sensitive financial information, firms should ensure they understand which duties are incompatible, meaning different people should hold them and have strictly controlled access to relevant information. This is a basic necessity for the prevention of internal fraud. According to accountants Alexander Aronson Finning CPAs, four categories should never be held by the same personnel:

• Authorization or approval. 
• Custody of assets. 
• Recording transactions. 
• Reconciliation/control activity.

External fraud prevention

Firms must ensure customers are protected from exploitation by fraudsters and that fraudsters do not open and use their accounts to perpetrate fraud. This latter scenario can cross into anti-money laundering (AML), as the two can easily overlap when the fraudster is the account owner. Policies should include processes and roles that help to mitigate this risk in line with a firm’s most recent EWRA.

Thorough documentation of processes and roles is essential to ensure the fraud prevention program aligns with risks, strategizes for the right functions and resources, and complies with any applicable laws, such as those regulating the handling of sensitive information. It’s also necessary for proper segregation of duties. Finally, it will provide a clear baseline to measure against when auditing a fraud prevention program for effectiveness.

3. Create a fraud prevention culture

No fraud prevention program will be effective if it does not permeate the firm. This means everyone should be aware of the risks associated with internal fraud and trained in basic security measures to prevent it. 

Training

Knowledgeable, well-trained staff are crucial to a well-designed fraud prevention program. Aside from hiring capable individuals, the individualized nature of each firm’s risk requires regular training. Even veteran fraud professionals will not be familiar with a firm’s unique risk landscape without continual updates. Training should be updated to align with a firm’s most recent EWRA and provide a holistic picture of fraud risks and compliance requirements.

Avoiding generic or rote programs can also help with retention and compliance. Effective training goes beyond imparting static knowledge or testing short-term memory. Instead, it practically orients fraud professionals and gives them a concrete understanding of how policies practically apply daily. Staff will then be better able to carry out more effective fraud prevention.

Anyone dealing with customer information – even if their role is not explicitly related to fraud – should be thoroughly trained to understand when customers may be at risk of exploitation. They should have a reliable chain of command to turn to when they suspect a customer may be especially vulnerable or getting scammed.

Sound governance

General awareness also needs to be supported by sound governance. To ensure fraud prevention policies, procedures, and roles are properly implemented, it’s important to soundly structure roles, from upper leadership to each team and its members. Although each governance model will be tailored to a firm’s unique risks, there are core features most programs should entail.

The three-lines-of-defense model is an industry-validated approach to governance in risk management. It provides a sound framework for firms as they determine the roles needed to respond to the risks uncovered by their tailored EWRA. PwC provides a helpful outline of what each line entails.

1. First line – These are the people in charge of the front-facing fraud prevention strategy and its associated processes. A well-developed first line should include an autonomous senior executive assigned to coordinate the strategy and processes for all first-line risk management, especially:
     •  Fraud strategy development and implementation.  •  Fraud analysis, investigation, recovery, and reporting. 

     •  Coordination between fraud prevention and related functions, especially cyber security, authentication, customer service, and broader financial crime risk management (including AML).

   This executive oversight should keep the fraud prevention and risk management function running smoothly. It should ensure all teams are working at their best with appropriate equipment and that the whole process is risk-based and integrates with wider risk management functions.

2. Second line – Those involved in the second line are responsible for establishing an objective, holistic, and well-structured picture of the company’s fraud risks. This is most reliably established through regularly updated EWRAs, which will look at financial crime risks within the context of the firm’s activities and regulatory requirements. Based on the risk profile established, this line of defense will also ensure adequate policies and procedures are in place.
   The second line of defense for fraud prevention will include the compliance team, overseeing the fraud prevention program’s compliance with company policy and, as applicable, any regulations such as privacy protection laws and any overlapping AML obligations.
3. Third line – Independent assessment and accountability are crucial to any effective risk management program. As such, the third line of defense helps hold both the first and second lines accountable by assessing the adequacy and effectiveness of their policies, procedures, and processes. This is done through internal auditing.

Firms are also well-advised to undertake third-party reviews of their risk management processes to ensure all three lines of defense are held accountable. 

4. Implement strong cybersecurity measures

Cybersecurity is key to ensuring a company’s sensitive data is not compromised, falling into the wrong hands and violating regulatory requirements. Every firm’s tech must have built-in cybersecurity measures. Firms should also train employees in basic cyber hygiene. This can prevent internal attacks such as unauthorized account access or spear phishing, where a fraudster poses as a trusted person to obtain money or sensitive information to be used in a fraudulent scheme.

Digital-native firms not operating bug bounty programs – incentive-based programs designed to stress test platforms for potential flaws – should also consider implementing them alongside frequently-scheduled pen testing exercises.

A dedicated information security team is key to effective cybersecurity. This team should be well-trained and knowledgeable in how their function can help prevent internal fraud. A firm’s fraud prevention governance policies should delineate their roles and responsibilities.

5. Establish a process for response in case of an incident

When an internal fraud incident occurs, it may be argued that the time for prevention is past. However, a swift and adequate response can help ensure the incident does not blow out of proportion. In line with their most recent risk assessment, firms should consider fraud scenarios for which they may be especially at risk. A response strategy can be outlined for each scenario and validated against industry practice. Such scenarios might include:

• Strategies for responding to an information security breach or hack.
• A chain of command and process to follow if an employee believes they’ve discovered evidence a colleague is committing fraud.

Using advanced tech: Emerging technologies for fraud prevention

The support of proper technology is increasingly vital to reliable risk management. For example, machine learning and artificial intelligence enable the detection of otherwise hidden risks. Firms can use this for fraud prevention in customer due diligence, deploying tools that implement natural language processing (NLP) for more effective adverse media checks at onboarding. 

ComplyAdvantage’s AI-powered transaction screening and monitoring solution, for example, can adapt to evolving fraud typologies, which can, in turn, help firms update their fraud prevention strategy to reflect the latest risks. Similarly, with Fraud Detection by ComplyAdvantage, firms can enhance their fraud prevention strategies as they leverage one of the most powerful machine learning models that not only detects fraud but also explains the reason why each alert was created.

Firms may consider how technology might empower anti-fraud teams to use their time and analytical capabilities better by reducing false positives and offering better insights. Even firms not yet ready for a technological overhaul can benefit from AI overlays that offer intelligent risk detection and alert prioritization to legacy platforms. Firms can also audit their existing tools to ensure they support a risk-based approach.

The post What is fraud prevention, and why is it important? appeared first on ComplyAdvantage.

Ebury’s previous TM setup had become outdated, resulting in a large backlog of alerts and operational inefficiencies. As a result, Ebury’s compliance team sought a new long-term partnership for transaction monitoring to enable the company to scale while managing its financial crime risks.

A personalized approach

Ebury’s objectives for the partnership centered around creating a non-generic TM rule library configured to mitigate the specific money laundering and terrorist financing threats the business faces. Ebury’s ambition was to reduce the monthly false positive alerts it received to free up operational resources, delivering a laser focus on genuine threats. 

“We wanted a vendor that would give us the possibility of customizing our rules in line with our segmentation and provide us with the necessary information to understand the effectiveness and the efficiency of the platform. That’s something ComplyAdvantage allows us to do.”

Miriam Crespillo, Global Head of Sanctions and Transaction Monitoring, Ebury

ComplyAdvantage helped Ebury achieve its strategic objectives by implementing a TM rule library aligned with industry risk typologies that reflect Ebury’s different customer base. ComplyAdvantage ensured that each customer type was accounted for in its rule set throughout the scoping and build period. 

To support Ebury in its ambitions, ComplyAdvantage took a deep dive into what rules were currently working well for Ebury and which were no longer fit for purpose based on the company’s growth. 

Proactive collaboration

Particular attention was given to understanding Ebury’s risk-based approach to ensure the new TM rule set satisfied their needs and aligned with its risk appetite. Ebury collaborated with ComplyAdvantage implementation consultants to define their data model and scope out the bespoke rules they wanted to build. ComplyAdvantage’s solution engineers built these rules in a secure QA environment for Ebury to test, change, and refine. 

“The collaboration between ComplyAdvantage and Ebury during the testing and implementation of the new transaction monitoring framework has been key to ensuring its successful release in a timely manner, which has resulted in a clear increase of effectiveness and efficiency.”

Miriam Crespillo, Global Head of Sanctions and Transaction Monitoring, Ebury

Bespoke TM rule sets

Deploying ComplyAdvantage’s TM solution has allowed Ebury to build rules and configure thresholds tuned to its risk assessment. This means its analysts can focus on the alerts that matter and identify real risks. By adopting a risk-based approach and tailoring the rule set to its customers, Ebury worked with the implementation team at ComplyAdvantage to configure appropriate rules, mitigate risk, and reduce false positive rates by 60 percent.  

One such rule was built when new sanctions were being imposed on Russia at an unprecedented rate from February 2022. According to Ebury’s Screening and Transaction Monitoring Manager Ignaat van der Meulen, “Every transaction sent to Russia had to be reviewed in real-time. ComplyAdvantage helped us quickly implement a custom rule that stopped anything going to Russia in real-time.”  

Another bespoke rule set involved splitting the annual estimation rule to allow Ebury to track new, higher-risk customers. In splitting the rule, ComplyAdvantage also implemented different thresholds for new and existing clients in light of Ebury’s risk appetite. This change enhanced Ebury’s risk-based approach by allowing their compliance teams to prioritize and monitor the activity of new customers with the highest risk levels.  

ComplyAdvantage’s TM solution has allowed Ebury to uncover new insights into customer activity, enabling the financial services company to detect new or emerging typologies and build rules to mitigate them.

A longstanding partnership

Going forward, Ebury is working with its dedicated customer success manager who understands the compliance team’s objectives and plans to drive success. 

“Our customer success manager plays a key role. They are very easy to approach and act as a filter between the vendor’s technical teams and us when we want to tweak something from an operational perspective.”

Ignaat van der Meulen, Screening and Transaction Monitoring Manager, Ebury

Through a collaborative success plan, clearly defined goals, quarterly business reviews (QBRs), and continuous dialogue, Ebury and ComplyAdvantage have a partnership to track and measure successful business outcomes.

The post Ebury reduces false positive rates by 60% through bespoke transaction monitoring rule sets appeared first on ComplyAdvantage.

Announcing the paper’s release, HKMA Executive Director Carmen Chu noted that the key objective of the guidance is to support the greater use of data and technology. Specifically, Chu commented on the regulator’s aim for authorized institutions (AIs) to adopt a system that generates targeted alerts to deliver more actionable insights into the anti-money laundering and counter-financing of terrorism (AML/CFT) ecosystem.   

Updated Guidance

In Hong Kong’s 2022 Money Laundering and Terrorist Financing Risk Assessment Report, the government highlighted five focus areas to enhance its AML/CFT regime. The first relates to keeping pace with international standards by implementing updated standards and providing a legal framework for better implementation of risk-based regulation. The HKMA’s guidance paper follows this priority to improve the effectiveness of transaction monitoring, screening, and suspicious transaction reporting undertaken by AIs.

Transaction Monitoring

Practical guidance relating to the way in which firms adopt, design, and review their transaction monitoring systems consists of the following:

• Assessment: Before implementing a particular transaction monitoring system, AIs should conduct a robust assessment and document the rationale for adopting the system. This should include how compatibile the new system is with the AI’s existing IT infrastructure and how any necessary system changes will be executed and managed.
• Automation: A level of automation involving one or more rules-based or scenarios-based systems may help AIs produce alerts or management information system (MIS) reports to aid the identification of suspicious transactions that require further examination.
• Configurability: AIs are reminded that off-the-shelf systems provided by a vendor may not adequately take into account a firm’s specific risks. AIs should adopt a system that can be configured to their relevant contexts, such as the ability to adjust thresholds and customize rule sets to sufficiently meet legal and regulatory requirements.
• Customer segmentation: AIs are encouraged to have appropriate customer segmentation to allow the transaction monitoring system to operate effectively, and generate more targeted, higher-quality alerts. 

Screening

While the HKMA acknowledges there is no “one-size-fits-all” approach to customer screening, the regulator provides the following guidance to help AIs adopt a screening solution that is consistent with their risk appetite, and ensure compliance with relevant regulations:

• Up-to-date databases: Whether databases are maintained in-house or with support from a vendor, AIs should ensure they are complete, accurate, and updated in a timely manner. 
• Name matching: Appropriate settings should be applied to allow the screening system to identify common spelling alterations and variations, including the manipulation of names and keywords. AIs may also choose to use automated processes to handle names that use non-Latin script. 
• Ongoing review: Frequent monitoring, tuning and testing should be conducted on all aspects of screening systems, with testing results and analysis properly documented. Senior management should have sufficient oversight of screening systems and processes to ensure their efficiency and effectiveness. 

Suspicious Transaction Reporting

To meet their reporting obligations, AIs must maintain high levels of quality and consistency. When filing a suspicious transaction report (STR), the HKMA advises AIs to:

• Structure the content systematically
• Focus on the main subject and be concise
• Include digital footprints related to online banking activities
• Use of file attachments appropriately
• Avoid providing non-editable transaction records

Additional Focus Areas

The Hong Kong government’s four other priorities likewise respond to the risks and gaps identified in its 2022 assessment. These include:

• Strengthening the application of risk-based supervision to ensure targeted regulation is applied to high-risk areas, such as banking, money service operators, dealers in precious metals and stones, and trust or company service providers
• Enhancing outreach and capacity-building to promote awareness and understanding of money laundering and terrorist financing (ML/TF) risks by various sectors 
• Monitoring new and emerging risks to respond promptly to evolving patterns of predicate offenses or terrorism, and modes of ML/TF
• Strengthening law enforcement efforts and intelligence capability to tackle domestic and international ML/TF, and enhance confiscation of the proceeds of crime

Key Takeaways

Firms should review the updated guidance and implement any necessary operational, technical, and/or policy changes to align practices with those set out by the HKMA.

Additionally, compliance staff should review this guidance in conjunction with the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (AMLO), the Guideline on Anti-Money Laundering and Counter-Financing of Terrorism (AML/CFT Guideline), and other guidance issued by relevant competent authorities. 

The post Hong Kong Regulator Updates Guidance on Transaction Monitoring, Screening, and Reporting appeared first on ComplyAdvantage.